General
Target: 0f0eb06f46b815a0a91b226be8f7d71e02127acbe9f63fc370ebc7e440033dad
Size: 3.9MB
Sample: 230706-eea5lagf98
MD5: 94e1aab14bdabba9b6d674340689405c
SHA1: 312d2ca04b9330f57d30756ca17f7511ceb62e88
SHA256: 0f0eb06f46b815a0a91b226be8f7d71e02127acbe9f63fc370ebc7e440033dad
SHA512: c537f0972aa356d7d1d6b8b009ebc5a2865d921c5180c43b3f059fea852ccb6ff100ed882a2226e7f5ac4f4bae41596dcc08abb789b45d11ddc1fbee27467d1c
SSDEEP: 49152:3RBTN3JIiW0QsudBoHY6Xp8TbHTb+vBeqgV3tZuigMYI6NLcDe4JHMSrnozGdj4d:FWxxap0R8igM1qcL/nQwMXzrc+
Static task: static1
Behavioral task: behavioral1
  Sample: 0f0eb06f46b815a0a91b226be8f7d71e02127acbe9f63fc370ebc7e440033dad.exe
  Resource: win7-20230705-en
Behavioral task: behavioral2
  Sample: 0f0eb06f46b815a0a91b226be8f7d71e02127acbe9f63fc370ebc7e440033dad.exe
  Resource: win10-20230703-en
Malware Config
Extracted: redline
  furod
  77.91.68.70:19073
  auth_value: d2386245fe11799b28b4521492a5879d
Extracted: amadey
  3.84
  77.91.68.63/doma/net/index.php
Targets
Target: 0f0eb06f46b815a0a91b226be8f7d71e02127acbe9f63fc370ebc7e440033dad
Size: 3.9MB
MD5: 94e1aab14bdabba9b6d674340689405c
SHA1: 312d2ca04b9330f57d30756ca17f7511ceb62e88
SHA256: 0f0eb06f46b815a0a91b226be8f7d71e02127acbe9f63fc370ebc7e440033dad
SHA512: c537f0972aa356d7d1d6b8b009ebc5a2865d921c5180c43b3f059fea852ccb6ff100ed882a2226e7f5ac4f4bae41596dcc08abb789b45d11ddc1fbee27467d1c
SSDEEP: 49152:3RBTN3JIiW0QsudBoHY6Xp8TbHTb+vBeqgV3tZuigMYI6NLcDe4JHMSrnozGdj4d:FWxxap0R8igM1qcL/nQwMXzrc+

Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.